Modular exponential algorithm in an electronic component using a public key encryption algorithm

ABSTRACT

The present invention concerns an anti-SPA (from the English “Simple Power Attack”) modular exponentiation algorithm in an electronic component using a public key ciphering algorithm.

[0001] The present invention concerns an anti-SPA (“Simple Power Attack”) modular exponentiation algorithm in an electronic component using a public key ciphering algorithm.

[0002] The characteristics of public key cryptography algorithms are known: calculations made, parameters used. The only unknown is the private key contained in the program memory. The entire security of these cryptography algorithms resides in this private key contained in the card and unknown to the world outside this card. This private key cannot be deduced solely from knowledge of the message applied as an input and the encoded message supplied in return or from knowledge of the public key.

[0003] However, it has become clear that external attacks, based on the current consumptions or an analysis of current consumption when the microprocessor in a card is in the process of running the cryptography algorithm for signing a message or deciphering a message, enable ill-intentioned third parties to find the private key contained in this card. These attacks are referred to as SPA attacks, the English acronym for Single Power Analysis.

[0004] The principle of these SPA attacks is based on the fact that the current consumption of the microprocessor executing the instructions varies according to the data manipulated.

[0005] In particular, when an instruction executed by the microprocessor requires manipulation of a data item bit by bit, there are two different current profiles depending on whether this bit is “1” or “0”. Typically, if the microprocessor manipulates a “0”, there is at this moment of execution a first consumed current amplitude and if the microprocessor manipulates a “1” there is a second consumed current amplitude different from the first.

[0006] Thus the SPA attack exploits the difference in the current consumption profile in the card during the execution of an instruction according to the value of the bit manipulated. In a simplified manner, the conduct of an SPA attack consists of identifying one or more particular periods during which the algorithm is run comprising the execution of at least one instruction manipulating data bit by bit and distinguishing two different current consumption profiles, one corresponding to the manipulation of a bit equal to “0” and the other corresponding to a bit equal to “1”. The analysis takes place over a curve or possibly over n curves of the same running of the algorithm averaged in order to eliminate noise.

[0007] Modular exponentiation is defined by the following mathematical formula:

[0008] R=X^(Y) mod N,

[0009] in which:

[0010] Y is an exponent which has a size of k bits;

[0011] N is a modulus which has a size of k′ bits;

[0012] X is a known variable which has a size of k″ bits;

[0013] R is the result of the modular exponentiation operation and has a size of k′ bits.

[0014] The known conventional algorithms A or B described below can be used.

[0015] The conventional algorithm A used for calculating the abovementioned mathematical formula is as follows:

[0016] R is initialised to 1: R=1;

[0017] The binary representation of Y is run through from the most significant bit denoted Y(k−1) to the least significant bit Y(0);

[0018] for each bit Y(i), i varying from (k−1) to 0, the additional operation R=R² is performed.

[0019] If the bit Y(i) is equal to 1, an additional step is executed which consists of the operation:

R=R*X.

[0020] If for example Y is equal to 5, its binary representation is 101;

[0021] If the above algorithm is applied:

[0022] for the first bit [Y(2)=1], R=R² is effected followed by the operation R*X=X, that is to say the result, R=X;

[0023] for the second bit [Y(1)=0], the operation R=R² is performed, that is to say the result, R=X²;

[0024] for the third bit [Y(0)=1], the operation R=R²=(X²)² is performed, followed by the operation R=R*X, that is to say the result, R=(X²)²*X=X⁵.

[0025] As a reminder, the previous R is always used.

[0026] Naturally, all the mathematical operations described for the example Y is equal to 5 are performed modulo N, which makes it possible to work with a register r with a size of k′ bits.

[0027] The conventional algorithm B used for calculating the abovementioned mathematical formula is as follows:

[0028] R is initialised to 1 and Z to X:

[0029] R=1 and Z=X, Z being a variable:

[0030] the binary representation of Y is run through from the least significant bit Y(0) to the most significant bit Y(k−1);

[0031] for each bit Y(i), i varying from 0 to (k−1), the additional operation Z=Z² is performed, when i is greater than 0;

[0032] if the bit Y(i) is equal to 1, an additional step is executed which consists of the operation: R=R*Z.

[0033] If for example Y is equal to 5, its binary representation is 101.

[0034] If the above algorithm is applied:

[0035] for the first bit, Y(0)=1; the operation Z=Z² is not performed (since i=0) and the operation R=R*Z=X is performed;

[0036] for the second bit [Y(1)=0], the operation Z²=X² is performed; R is unchanged since Y(1)=0;

[0037] for the third bit [Y(2)=1], the operation Z=Z²=X⁴ is performed and as Y(2) is equal to 1 the operation R=R*Z is also performed and therefore X⁵ is obtained.

[0038] As a reminder, the previous R and Z are always used.

[0039] Naturally, all the mathematical operations described for the example Y is equal to 5 are performed modulo N, which makes it possible to work with registers r and z with a size of k′ bits.

[0040] However, this algorithm B is rarely used in an electronic component of the chip card type since it requires more memory (an additional register z with a size of k′ bits).

[0041] It is found that, on the conventional algorithms A and B explained above, according to each bit of Y one operation is performed if the bit is 0 and two operations if the bit is 1. These algorithms A and B are used for the RSA. As a reminder, the RSA ciphering system is the most widely used public key ciphering system. It can be used as a ciphering method or as a signature method. The RSA ciphering system is used in chip cards for certain applications thereof. The possible applications of RSA on a chip card are access to data banks, banking applications, distance payment applications, such as for example pay television, petrol dispensing or the payment of motorway tolls. This list of applications is of course not exhaustive.

[0042] The principle of the RSA ciphering system is as follows. It can be divided into three distinct parts, namely:

[0043] 1) The generation of the pair of RSA keys;

[0044] 2) The ciphering of a message in clear into a ciphered message, and

[0045] 3) The deciphering of a ciphered message into a message in clear.

[0046] The RSA ciphering operation consists of calculating a cipher C which is equal to a message M^(e) mod N represented by the operation C=M^(e) mod N, in which e is the public ciphering exponent and N is the modulus.

[0047] An RSA deciphering operation consists of calculating a message M′ which is equal to M if the deciphering is carried out correctly and is represented by the operation:

[0048] M′=C^(d) mod N,

[0049] in which d is the private deciphering exponent and N the modulus.

[0050] It is found that the RSA is directly a modular exponentiation operation.

[0051] It turns out that d is an element which is secret since it is private; it is therefore found that d is equivalent to Y in the conventional algorithm A or B, algorithms described at the beginning of the description. However, these algorithms used for the RSA can be attacked simply by studying the current consumption of the electronic component implementing the invention.

[0052] This is because, if it is considered that the signature S of an operation R² for algorithm A and Z² for algorithm B referred to as “operation square”, denoted S(SQU), is different from the signature S of the operation R*X for algorithm A and Z*R for algorithm B, referred to as “operation multiply”, denoted S(MUL), then the current consumption during the execution of the algorithm A or B described above consists of a series of signatures S(SQU) and S(MUL) directly dependent on Y.

[0053] For example, in the case of algorithm A, for Y equal to 5, there will be the following series of signatures:

[0054] [S(SQU), S(MUL)], [S(SQU)], [S(SQU), S(MUL)], in which series the signature [S(SQU)] followed by [S(MUL)] corresponds to a bit equal to 1 and the signature [S(SQU)] followed by the signature [S(SQU)] corresponds to a bit equal to 0.

[0055] Simply by looking at the current consumption, if it is known how to differentiate S(SQU) from S(MUL), it is possible to find the whole of the value Y. If this attack is applied to the RSA described above, Y=d is found, which is the private deciphering exponent which must remain secret by definition, which is therefore very awkward.

[0056] The present invention makes it possible to eliminate this major drawback.

[0057] However, in order to clearly emphasise the inventiveness of the present invention, it is useful to describe an example of an improvement to the algorithms A and B which are nevertheless faulty.

[0058] In the conventional algorithm A or B, it is considered that the component which implements the invention has an optimised operation referred to as “Square”, denoted SQU, which calculates R² more effectively than the operation “Multiply”, denoted MUL.

[0059] The first riposte against attack consists of using only the operation MUL. In this case, there remains nothing more than the signature of the operation “Multiply”, which no longer makes it possible to distinguish any information making it possible to go back to the value Y. More precisely, the mathematical operation “Multiply” has two operands V and W and is defined by the formula:

MUL(V,W)=V*W.

[0060] In theory, one is protected but in practice the operation MUL(V,V) or the operation MUL(V,W) is used; there is therefore still a difference in the current consumption since the operands are different. This is not a reliable solution.

[0061] The present invention consists of calculating the modular exponentiation by means of the present algorithm and makes it possible to avoid the drawback cited just above.

[0062] Use is made of two registers R₁ and R₂ and an indicator I which is equal to zero, “0”, meaning that the result is situated in the register R₁ or which is equal to a one, “1”, meaning that the result is situated in the register R₂; this makes it possible to indicate in which register the correct result is situated.

[0063] The algorithm of the invention which uses algorithm A consists of being executed by means of the following initialisation steps a and b and the calculation steps c, d, e and f which are performed k times, k being the size of Y, steps described below:

[0064] a) R₁=1 is initialised;

[0065] b) I=0 is initialised.

[0066] For each bit Y(i) of the binary representation of Y, the following four steps c, d, e and f of “0” to “k−1” are performed; the binary representation of Y is run through from the most significant bit Y(k−1) to the least significant bit Y(0);

[0067] c) If I=0, the operation R₂=(R₁)² is performed;

[0068] If I=1, the operation R₁=(R₂)² is performed;

[0069] d) I is complemented, that is to say it changes value but only from “0” to “1” or from “1” to “0”;

[0070] e) The test operation is repeated on I:

[0071] If I=0, the operation R₂=R₁*X is performed;

[0072] If I=1, the operation R₁=R₂*X is performed;

[0073] f) If Y(i) is equal to 1, then I is complemented;

[0074] if Y(i) is equal to 0, then I is kept unchanged.

[0075] Thus, whatever the value of Y, an SQU operation and an MUL operation are always performed. There will therefore be, at step d, one of the following two signatures:

S(R₂=SQU(R₁)) or S(R₁=SQU(R₂))

[0076] There will also be, at step f, one of the following two signatures: S(R₁=MUL(R₂,X)) or S(R₂=MUL(R₁,X)).

[0077] The signatures of step c are equivalent since they use the same operands and perform the same operation (SQU).

[0078] The signatures of step e are equivalent since they use the same operands and perform the same operation (MUL).

[0079] Consequently it is no longer possible to go back to the value of Y, which will be a succession of operations (SQU) and (MUL). The application of the present invention makes it possible to calculate a modular exponentiation in a protected fashion in an electronic component using a public key algorithm requiring a modular exponentiation algorithm.
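
The conventional algorithm A and the two-register variant of steps a to f, as an added Python example that is not part of the original text: it records only the order of SQU and MUL operations (not measured current) so the two sequences can be compared. The function names, the modulus and the operand values are constructed for illustration.

```python
# Added illustration: models the order of SQU/MUL operations only, not measured current.

def algorithm_a(x, y, n, k):
    """Conventional algorithm A ([0016]-[0019]): MSB-first square-and-multiply."""
    r, trace = 1, []
    for i in range(k - 1, -1, -1):
        r = (r * r) % n
        trace.append("SQU")
        if (y >> i) & 1:              # MUL runs only for a 1 bit: the trace encodes Y
            r = (r * x) % n
            trace.append("MUL")
    return r, trace


def protected_a(x, y, n, k):
    """Two-register variant, steps a to f of [0064]-[0074]."""
    reg = [1, 0]                      # reg[0] is R1 (step a); reg[1] is R2, written before use
    ind = 0                           # indicator I (step b): index of the result register
    trace = []
    for i in range(k - 1, -1, -1):
        reg[ind ^ 1] = (reg[ind] * reg[ind]) % n   # step c: square into the other register
        trace.append("SQU")
        ind ^= 1                                   # step d: complement I
        reg[ind ^ 1] = (reg[ind] * x) % n          # step e: multiply into the other register
        trace.append("MUL")
        ind ^= (y >> i) & 1                        # step f: complement I only for a 1 bit
    return reg[ind], trace                         # I=0: result in R1, I=1: result in R2


def sequence_is_exponent_independent(x=12345, n=1000003, k=6):
    """Check every k-bit exponent: correct result and one fixed operation sequence."""
    fixed = ["SQU", "MUL"] * k
    for y in range(1 << k):
        result, trace = protected_a(x, y, n, k)
        if result != pow(x, y, n) or trace != fixed:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample values: X=3, Y=5 (binary 101), N=1000, k=3.
    print(algorithm_a(3, 5, 1000, 3))
    print(algorithm_a(3, 2, 1000, 3))
    print(protected_a(3, 5, 1000, 3))
    print(sequence_is_exponent_independent())
```

For Y=5 the conventional sequence is the series given in [0054]; the two-register variant produces the same SQU, MUL alternation for every exponent of the same length.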

[0080] The algorithm of the present invention, which uses the conventional algorithm B, consists of being executed by the following initialisation steps a and b and the following calculation steps c, d and e, which are carried out k times, k being the size of Y:

[0081] a) R₁=1 is initialised and Z=X;

[0082] b) I=0 is initialised.

[0083] For each bit of Y(i) of the binary representation of Y, the three steps c, d and e are performed, i varying from “0” to “k−1”; the binary representation of Y is run through from the least significant bit Y(0) to the most significant bit Y(k−1);

[0084] c) the operation Z:=Z² is performed;

[0085] d) If I=0, the operation R₂:=R₁*Z is performed;

[0086] If I=1, the operation R₂:=R₂*Z is performed;

[0087] e) if Y(i)=0, then I is kept unchanged and if Y(i)=1, then I is complemented.

[0088] Thus, whatever the value of Y, an SQU operation and an MUL operation are always performed. There will therefore be, at step c, the following signature: S(SQU).

[0089] At step d there will be one of the following two signatures: S(R₁=MUL(R₂,Z)) or S(R₂=MUL(R₁,Z)). The signatures of step d are equivalent since they use the same operands and perform the same operation (MUL).

[0090] Consequently it is no longer possible to go back to the value Y, which will be a succession of operations (SQU) and (MUL). The application of the present invention makes it possible to calculate a modular exponentiation in a protected fashion in an electronic component using a public key algorithm requiring a modular exponentiation algorithm.

[0091] As an example of the invention, the DSA is used, which is a variant of the Schnorr and El Gamal signatures algorithm.

[0092] To sign the message m, the following steps are performed:

[0093] 1) Generation of a random number k;

[0094] 2) Calculation of r=(g^(k) mod p) mod q

[0095] with g, p and q public integer numbers known to the world outside the chip card;

[0096] 3) Calculation of s=(K⁻¹(H(m)+x*r)) mod q

[0097] with H() a hash function and x a private key.

[0098] The pair (r,s) corresponds to the signature of the message m.

[0099] It will be noted that K is secret.

[0100] Step 2 consists partly of a modular exponentiation:

r′=g^(k) mod p and r=r′ mod q.

[0101] If the modular exponentiation is effected with the conventional algorithm A or B as described above, then an SPA attack makes it possible to go back to the value k. Knowing k and as s, m and r are known, the attacker can calculate the secret key x. Thus he has found the key of the signature and the system is broken. It is therefore preferable to use the present invention or its variant embodiment in order to effect the modular exponentiation of step 2 of the present example.
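
The calculation referred to in paragraph [0101], written out as an added derivation that is not part of the original text. It uses the symbols of step 3, with the random number of step 1 written K as in that step, and relies on r being invertible modulo q:

s = K⁻¹(H(m) + x*r) mod q

s*K = H(m) + x*r mod q

x = r⁻¹(s*K − H(m)) mod q

Every quantity on the right-hand side other than K is public or carried by the signature, which is why the secrecy of x rests on K staying secret during the exponentiation of step 2.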

[0102] Thus, in the present invention, since the method of calculating the algorithm does not make it possible to find k by studying the current consumption, the attacker cannot go back to the value of the private key x.

1. A modular exponentiation algorithm defined by the following mathematical formula: R=X^(Y) mod N, Y being an exponent having a size of k bits, N being a modulus having a size of k′ bits, X being a known variable having a size of k″ bits; R being the result of the modular exponentiation operation and having a size of k′ bits and comprising registers R1 and R2 and an indicator I, an algorithm characterised in that it has the following execution steps comprising steps a and b, referred to as initialisation steps, and steps c, d and e, referred to as calculation steps: a) R₁=1 and Z=X are initialised; b) I=0 is initialised; for each bit of Y(i) of the binary representation of Y, the three steps c, d and e are performed, i varying from “0” to “k−1”; the binary representation of Y is therefore run through from the least significant bit Y(0) to the most significant bit Y(k−1); c) the operation Z:=Z² is performed; d) if I=0, the operation R₂:=R₁*Z is performed; if I=1, the operation R₁:=R₂*Z is performed; e) if Y(i)=0, then I is kept unchanged and if Y(i)=1, then I is complemented.

2. A modular exponentiation algorithm defined by the following mathematical formula: R=X^(Y) mod N, Y being an exponent having a size of k bits; N being a modulus having a size of k′ bits, x being a known variable having a size of k″ bits; R being the result of the modular exponentiation operation and having a size of k′ bits and comprising registers R1 and R2 and an indicator I, an algorithm characterised in that it has the following execution steps comprising steps a and b, referred to as initialisation steps, and steps c, d, e and f, referred to as calculation steps: a) R1=1 is initialised; b) I=0 is initialised; For each bit of Y(i) of the binary representation of Y, the following four steps c, d, e and f are performed, i varying from “0” to “k−1”; the binary representation of Y is therefore run through from the least significant bit Y(0) to the most significant bit Y(k−1); c) If I=0, the operation R₂=(R₁)² is performed; If I=1, the operation R₁=(R₂)² is performed; d) In both cases of step d, I is complemented, that is to say it changes value but only from “0” to “1” or from “1” to “0”; e) The test operation on I is re-performed: if I=0, the operation R₂=R₁*X is performed; if I=1, the operation R₁=R₂*X is performed; f) if Y(i) is equal to 1, then I is complemented; if Y(i) is equal to 0, then I is kept unchanged.

3. An electronic component characterised in that it implements either one of claims 1 to 2.

4. An electronic component according to claim 2, characterised in that it is a portable electronic object of the chip card type.

5. An electronic terminal, characterised in that it implements either one of claims 1 to 2.